What businesses need to do to minimise their risk
For the past decade, the threat of cybercrime has grown and grown. And, while it’s not a new challenge, the number of cyber-attacks faced by Australian businesses are increasing by the year.
According to the Annual Cyber Threat Report published by the Australian Cyber Security Centre (ACSC), calls to the Cyber Security Hotline increased by 15 per cent in the 12 months to June 2022, and over 76,000 reports of cybercrime were made in Australia in the same time frame.
In financial terms, more than $98m was lost to cybercrime in the year to June 2022, an average loss of $64,000 per report, while the average cost per cybercrime report was $39,000 for small businesses, $88,000 for medium sized businesses, and more than $62,000 for large businesses.
Of course, these figures only capture the incidents that were reported. The reality for many businesses is that the fear of reputational damage could cause them to hold off reporting that they’ve been victims of cybercrime – meaning the ‘real’ figures are likely to be significantly higher.
Since the release of the ACSC report, however, both Optus and Medibank have been breached, with the personal information of thousands of Australians released onto the dark web. And, as a result, it’s fair to assume cybercrime figures for the year ending June 2023 will show another increase.
As a result of those high-profile incidents, however, awareness of the threat of cybercrime is high – and increasingly, businesses are looking to standalone cyber insurance as a means of protection against the impact a cyber-attack could have.
And it’s an area that business owners and directors need to pay close attention too – particularly with the recent ASIC increase in the maximum penalty for serious or repeated privacy breaches from $2.2m to $50m (or three times the value of any benefit obtained through the misuse of information, or 30 per cent turnover – whichever is greater).
The onus is firmly on businesses to ensure they have their cyber house in order.
Having the right safeguards and procedures in place is essential, and insurers will need to see two or multi-factor authentication, software that’s patched and updated regularly, and anti-virus protection. For bigger businesses, intrusion detection and prevention tools and strong email security protocols are critical.
Of course, that’s only part of the story, and the ACSC recommends businesses review the cybersecurity of remote workers, use only reputable cloud service and managed service providers, and set up secure passphrases, as well as regularly back up devices.
It’s also smart to have response plans in place, and businesses are increasingly engaging cyber security experts to help ensure they’ve got everything necessary in place to help ward off a cyber incident.
If you need assistance, a Gow-Gates specialist can work with you immediately to not only achieve better insurance outcomes, but also ensure you have critical areas covered.
Of course, it’s well known that people are the weakest link in the cyber security chain – so a structured staff training program is essential.
In previous years, an annual session on cybersecurity may have been considered adequate. In today’s climate, however, more frequent sessions are required.
The harsh reality, however, is that for the vast majority of businesses, it’s when – rather than if – a cyber-attack takes place.
Having good security measures in place and ensuring staff are well educated and on guard is essential – and cyber insurance can provide valuable backup.
Cyber insurance is there, of course, to protect businesses should all else fail, and as well as providing financial security, many policies offer emergency response, which provides access to specialist legal advice, IT forensic consultants and specialists trained in ransomware negotiation.
Cyber insurance take-up by businesses at present is relatively low – however, with the threat ever increasing, it’s something that businesses need to seriously consider adding to their stack of insurance solutions.
Speak to your Gow-Gates specialist today about how cyber insurance can help protect your business.
Discover the difference our expertise can make.
Speak directly with a member of our team.
Call +61 2 8267 9999